Hello,
I didn't find a DVB-S driver for the Neotion Pilot (aka @Sky Pilot with
@SkyChip, USB v1.0), so I decided to write it on my own. In my german blog
http://satfreak.blog.de/ I write something about the reverse engineering
process. Now I've a problem with the 1-byte-checksum calculation. Each message
which I send to the device has a checksum (last byte). I don't know how to
calculate the checksum.
Did someone know how to reverse engineer a 1-byte-checksum?
Did someone see these type of messages before?
Did someone detect any algorithm in the checksum values?
Here are examples:
static unsigned char ep03_msg109[] = {
0x81, 0x05, 0x01, 0x00, 0x02, 0x01, 0x06, 0x00,
0x01, 0xd0, 0x1e, 0x01, 0x00,
0xca /* Checksum */
};
static unsigned char ep03_msg110[] = {
0x81, 0x05, 0x01, 0x00, 0x02, 0x01, 0x06, 0x00,
0x01, 0xd0, 0x1f, 0x01, 0x00,
0xcb /* Checksum */
};
In the above example the checksum is incremented by one and there is also one
byte incremented by one in the payload (0x1e -> 0x1f and 0xca -> 0xcb). this
seems to be a simple addition.
static unsigned char ep03_msg111[] = {
0x81, 0x05, 0x01, 0x00, 0x02, 0x01, 0x06, 0x00,
0x01, 0xd0, 0x20, 0x01, 0x00,
0xf4 /* Checksum */
};
In the next example the byte is further incremented, but the checksum changes
much more (0x1f -> 0x20 and 0xcb -> 0xf4).
The device doesn't respond to a message with the wrong checksum. I used this
to try all values until I found the correct one, but this needs some seconds.
This behaviour will not be acceptable within a DVB driver.
Much more examples are in my test code which currently uses libusb-1.0:
http://www.pastie.org/519407
Best regards
Juergen Urban